'&', '"' => '"', '<' => '<', '>' => '>')); // Check that the file uploaded has a valid extension if (get_magic_quotes_gpc()) $_FILES['userpicture']['name'] = stripslashes($_FILES['userpicture']['name']); $picture_name = strtr($_FILES['userpicture']['name'], $forbidden_chars, str_repeat('_', strlen($CONFIG['forbiden_fname_char']))); if (!preg_match("/(.+)\.(.*?)\Z/", $picture_name, $matches)) { $matches[1] = 'invalid_fname'; $matches[2] = 'xxx'; } if ($matches[2] == '' || !is_known_filetype($matches)) { cpg_die(ERROR, sprintf($lang_db_input_php['err_invalid_fext'], $CONFIG['allowed_file_extensions']), __FILE__, __LINE__); } // Create a unique name for the uploaded file $nr = 0; $picture_name = $matches[1] . '.' . $matches[2]; $avatar_name = 'user_'.(USER_ID + FIRST_USER_CAT).'_avatar.' . $matches[2]; while (file_exists($dest_dir . $picture_name)) { $picture_name = $matches[1] . '~' . $nr++ . '.' . $matches[2]; } $uploaded_pic = $dest_dir . $picture_name; // Move the picture into its final location if (!move_uploaded_file($_FILES['userpicture']['tmp_name'], $uploaded_pic)) cpg_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_move'], $picture_name, $dest_dir), __FILE__, __LINE__, true); // Change file permission chmod($uploaded_pic, octdec($CONFIG['default_file_mode'])); // Get picture information // Check that picture file size is lower than the maximum allowed if (filesize($uploaded_pic) > ($CONFIG['max_upl_size'] << 10)) { @unlink($uploaded_pic); cpg_die(ERROR, sprintf($lang_db_input_php['err_imgsize_too_large'], $CONFIG['max_upl_size']), __FILE__, __LINE__); } elseif (is_image($picture_name)) { $imginfo = getimagesize($uploaded_pic); // getimagesize does not recognize the file as a picture if ($imginfo == null) { @unlink($uploaded_pic); cpg_die(ERROR, $lang_db_input_php['err_invalid_img'], __FILE__, __LINE__, true); // JPEG and PNG only are allowed with GD } elseif ($imginfo[2] != GIS_JPG && $imginfo[2] != GIS_PNG && $imginfo[2] != GIS_GIF && ($CONFIG['thumb_method'] == 'gd1' || $CONFIG['thumb_method'] == 'gd2')) { @unlink($uploaded_pic); cpg_die(ERROR, $lang_errors['gd_file_type_err'], __FILE__, __LINE__, true); } elseif (max($imginfo[0], $imginfo[1]) > $CONFIG['max_upl_width_height']) { @unlink($uploaded_pic); cpg_die(ERROR, sprintf($lang_db_input_php['err_fsize_too_large'], $CONFIG['max_upl_width_height'], $CONFIG['max_upl_width_height']), __FILE__, __LINE__); } // Image is ok } $work_image = $CONFIG['fullpath'] . $filepath . $picture_name; $avatar = $CONFIG['fullpath'] . $filepath . $avatar_name; if (!resize_image($work_image, $avatar, $CONFIG['mini_thumb_width'], $CONFIG['thumb_method'], "mini", "false", 1)) { @unlink($uploaded_pic); cpg_die(CRITICAL_ERROR, sprintf($lang_db_input_php['err_insert_pic'], $uploaded_pic) . '

' . $ERROR, __FILE__, __LINE__, true); } else { cpg_db_query("UPDATE {$CONFIG['TABLE_USERS']} SET avatar_url='".$avatar."' WHERE user_id='".(USER_ID)."'"); //not used anymore due to bridge compatibility //cpg_db_query("UPDATE {$CONFIG['TABLE_COMMENTS']} SET avatar_url='".$avatar."' WHERE author_id='".(USER_ID)."'"); @unlink($uploaded_pic); $header_location = (@preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE'))) ? 'Refresh: 0; URL=' : 'Location: '; $redirect = "avatar_manage.php"; header($header_location . $redirect); pageheader($lang_info, ""); msg_box($lang_info, $lang_db_input_php['upl_success'], $lang_continue, $redirect); pagefooter(); ob_end_flush(); exit; } break; } if(isset($_POST['dowhat'])) { switch ($_POST['dowhat']) { case "delete_avatar": if (isset($_POST['all_avatar'])) { //confirm checkbox clicked?? //first let's check if an uploaded avatar is in his folder $result = cpg_db_query("SELECT avatar_url FROM {$CONFIG['TABLE_USERS']} WHERE user_id = '".(USER_ID)."'"); $url_data = mysql_fetch_array($result); mysql_free_result($result); $avatar_url = $url_data['avatar_url']; @unlink($avatar_url); cpg_db_query("UPDATE {$CONFIG['TABLE_USERS']} SET avatar_url='' WHERE user_id='".(USER_ID)."'"); //not used anymore due to bridge compatibility //cpg_db_query("UPDATE {$CONFIG['TABLE_COMMENTS']} SET avatar_url='' WHERE author_id='".(USER_ID)."'"); header('Location: '.$PHP_SELF); } break; case "set_avatar": $mark_list=$_POST['list']; if ($marklist[0]) header('Location: http://localhost'); while(list($key, $value) = each($mark_list)) if ($key) { echo $value. " <- value
"; $matches = array(); preg_match("/(.+)\.(.*?)\Z/", $key, $matches); $avatar_name = 'user_'.(USER_ID + FIRST_USER_CAT).'_avatar.' . $matches[2]; if (!copy($CONFIG['fullpath'] . $value . $key, $CONFIG['fullpath'] . $value . $avatar_name)) return false; cpg_db_query("UPDATE {$CONFIG['TABLE_USERS']} SET avatar_url='".$CONFIG['fullpath']. $value . $avatar_name."' WHERE user_id='".(USER_ID)."'"); //not used anymore due to bridge compatibility //cpg_db_query("UPDATE {$CONFIG['TABLE_COMMENTS']} SET avatar_url='".$CONFIG['fullpath'].$key."' WHERE author_id='".(USER_ID)."'"); } header('Location: '.$PHP_SELF); break; } } $result = cpg_db_query("SELECT count(*) FROM {$CONFIG['TABLE_PICTURES']} WHERE owner_id=".(USER_ID)); list($tot_pictures) = @mysql_fetch_array($result); $result = cpg_db_query("SELECT avatar_url FROM {$CONFIG['TABLE_USERS']} WHERE user_id = '".(USER_ID)."'"); $url_data = mysql_fetch_array($result); mysql_free_result($result); $avatar_url = $url_data['avatar_url']; if ($avatar_url !="") $avatar_url = ""; else $avatar_url=""; pageheader($lang_avatar['manage']); echo <<
$lang_avatar[stats]
$lang_avatar[available_pics] $tot_pictures $lang_avatar[pictures]!

$avatar_url
$lang_avatar[remove]
EOT; create_avatar_upload (); echo << EOT; if ($tot_pictures > 0 && $CONFIG['enable_mini_thumbs']){ echo <<
EOT; } } function create_form(&$data) { global $CONFIG; foreach($data as $element) { if ((is_array($element))) { switch ($element[2]) { case 0 : text_box_input($element[0], $element[1], $element[3], $element[4]); break; case 1 : file_input($element[0], $element[1], $element[3]); break; case 2 : form_alb_list_box($element[0], $element[1]); break; case 3 : text_area_input($element[0], $element[1], $element[3]); break; case 4 : hidden_input($element[0], $element[1]); break; default: cpg_die(ERROR, $lang_upload_php['reg_instr_1'], __FILE__, __LINE__); } // switch } else { form_label($element); } } } function form_label($text) { echo << EOT; } function open_form($path) { echo << function textCounter(field, maxlimit) { if (field.value.length > maxlimit) // if too long...trim it! field.value = field.value.substring(0, maxlimit); }
EOT; } function close_form($button_value) { global $lang_upload_php; echo << EOT; } function form_instructions() { global $CONFIG, $lang_upload_php, $user_form, $max_file_size; echo ""; } function create_avatar_upload () { global $lang_upload_php, $CONFIG, $max_file_size; // Do some cleanup in the edit directory. spring_cleaning('./albums/edit',3600); // Do some cleaning in the temp data table. clean_table(); // Create upload form headers. //pageheader($lang_upload_php['title']); // Open the form table. //starttable("100%", $lang_upload_php['title'], 2); // The user has the single upload only form. Send the request to db_input.php. open_form($_SERVER['PHP_SELF']); //open_form('upload_avatar.php'); form_instructions(); // The user should have the 'single upload only' form. // Declare an array containing the various upload form box definitions. $captionLabel = $lang_upload_php['description']; $form_array = array( sprintf($lang_upload_php['max_fsize'], $CONFIG['max_upl_size']), array('MAX_FILE_SIZE', $max_file_size, 4), array($lang_upload_php['picture'], 'userpicture', 1, 1), array('event', 'picture', 4) ); create_form($form_array); // The user has the single upload only form. Select proper language for button. close_form($lang_upload_php['title']); //endtable(); //pagefooter(); //ob_end_flush(); // Exit the script. //exit; } ?>
$lang_avatar[manage]: $lang_avatar[select]
EOT; $sort_codes = array( 'title_a' => 'title ASC', 'title_d' => 'title DESC', 'image_name_a' => 'filename ASC', 'image_name_d' => 'filename DESC', 'date_a' => 'ctime ASC', 'date_d' => 'ctime DESC', ); $sort = (!isset($_GET['sort']) || !isset($sort_codes[$_GET['sort']])) ? 'title_a' : $_GET['sort']; $tab_tmpl = array('left_text' => '' . "\n", 'tab_header' => '', 'tab_trailer' => '', 'active_tab' => '' . "\n" . '', 'inactive_tab' => '' . "\n" . '' . "\n", 'active_next_tab' => '' . "\n" . '', 'inactive_next_tab' => '' . "\n" . '', 'active_prev_tab' => '' . "\n" . '', 'inactive_prev_tab' => '' . "\n" . '' ); $subscr_per_page = 25; $page = isset($_GET['page']) ? (int)$_GET['page'] : 1; $lower_limit = ($page-1) * $subscr_per_page; $total_pages = ceil($tot_pictures / $subscr_per_page); //end tabs setup $sql = "SELECT p.pid, p.title, p.caption, p.ctime, p.filepath, p.filename ". " FROM {$CONFIG['TABLE_PICTURES']} AS p WHERE p.owner_id=".(USER_ID). " ORDER BY " . $sort_codes[$sort] . " ". "LIMIT $lower_limit, $subscr_per_page;"; $tabs = create_tabs($tot_pictures, $page, $total_pages, $tab_tmpl); $result = cpg_db_query($sql); $total= @mysql_num_rows($result); while($i=mysql_fetch_array($result)) { $pid=$i['pid']; $filepath=$i['filepath']; $filename=$CONFIG['mini_pfx'].urlencode($i['filename']); $lb = "\n"; $this_date=localised_date($i['ctime'], $comment_date_fmt); $mime_content = cpg_get_type($i['filename']); if ($mime_content['content'] == 'image' ) { if ($CONFIG['enable_mini_thumbs']){ $preview = << EOT; } else $preview = "   "; echo << EOT; } } echo <<
' . $lang_avatar['u_pics_on_p_pages'] . '%d%d%sNext%sPrev $preview
$this_date $lang_avatar[title] $i[title]
$i[filename]

$lang_avatar[selected]
$lang_avatar[sort_by] $lb
$tabs
EOT; endtable(); } pagefooter(); ob_end_flush(); /* ################################################################################################ */ function clean_table() { global $CONFIG; $comparative_timestamp = time() - 3600; $result = mysql_query("DELETE FROM {$CONFIG['TABLE_TEMPDATA']} WHERE timestamp < $comparative_timestamp"); if ($result) { return TRUE; } else { return FALSE; } } function hidden_input($name, $value) { echo " \n"; } function file_input($text, $name, $iterations) { $ordinal = ''; // Begin loop for ($counter=0; $counter<$iterations; $counter++) { // Create a numbering system when necessary. if ($text == '') { $cardinal = $counter + 1; $ordinal = "".$cardinal.". "; } // Create the file input box. echo << 		$text $ordinal
$text

"; printf ($lang_upload_php['avatar_instr_1'], $CONFIG['max_upl_size']); echo "